From 147538cfa5c81d9e114f188d3ebfb642e41b37f5 Mon Sep 17 00:00:00 2001
From: Gardouille
Date: Wed, 16 Sep 2015 17:59:42 +0200
Subject: [PATCH] firewall: Add INPUT rules if sshd is available

---
 firewall | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/firewall b/firewall
index 24fd304..5d4a450 100755
--- a/firewall
+++ b/firewall
@@ -118,10 +118,10 @@ fw_start() {
 # Accept icmp ping from LAN
 #$IPT -A INPUT -j ACCEPT -p icmp -i "${ILAN}" -s ${LAN} -d "${IPLAN}" -m comment --comment "ICMP req LAN"
-
-
- #### SSHD
- #$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 22 -m state --state NEW -m comment --comment "New SSH in"
+ if [ $(command -v sshd) ]; then
+ #### SSHD
+ $IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 22 -m state --state NEW -m comment --comment "New SSH in"
+ fi
 
 ## BackupPC
 $IPT -A INPUT -j ACCEPT -p icmp -i "${ILAN}" -s 192.168.0.3 -d "${IPLAN}" -m comment --comment "ICMP FURY req"
 
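Review bot: The added test `if [ $(command -v sshd) ]; then` depends on an unquoted command substitution collapsing to zero arguments when sshd is absent, which ShellCheck flags (SC2046) and which breaks if the resolved path ever contains whitespace; the conventional form is `if command -v sshd >/dev/null 2>&1; then`. The same idiom is carried over unchanged for the slapd and dhcpd blocks in the next hunk, so one fix could cover all three. Presence of the sshd binary is also not the same as sshd listening on port 22: a host with the package installed but the service disabled, or configured for another port, still gets the ACCEPT rule, so the assumption deserves at least a comment such as `# assumes sshd listens on the default port 22`. Unlike the ICMP rule commented out just above it, the new rule carries no `-s "${LAN}"` source match, so any address arriving on ${ILAN} may open a new SSH connection; if that is intended a short comment would help, otherwise add `-s "${LAN}"` as the Puppet rule below does. fw_start continues outside this hunk.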
@@ -131,17 +131,17 @@ fw_start() {
 #$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 80 -m state --state NEW -m comment --comment "New HTTP in"
 #$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 443 -m state --state NEW -m comment --comment "New HTTPS in"
 
-if [ $(command -v slapd) ]; then
- #### slapd
- #### if 389 is use, ldap connections should be in TLS
- $IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 389 -m state --state NEW -m comment --comment "New LDAP in"
- $IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 636 -m state --state NEW -m comment --comment "New LDAPS in"
-fi
+ if [ $(command -v slapd) ]; then
+ #### slapd
+ #### if 389 is use, ldap connections should be in TLS
+ $IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 389 -m state --state NEW -m comment --comment "New LDAP in"
+ $IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 636 -m state --state NEW -m comment --comment "New LDAPS in"
+ fi
 
-if [ $(command -v dhcpd) ]; then
- #### dhcpd
- $IPT -A INPUT -j ACCEPT -p udp -i "${ILAN}" -d "${IPLAN}" --sport 67:68 --dport 67:68 -m state --state NEW -m comment --comment "New DHCPD in"
-fi
+ if [ $(command -v dhcpd) ]; then
+ #### dhcpd
+ $IPT -A INPUT -j ACCEPT -p udp -i "${ILAN}" -d "${IPLAN}" --sport 67:68 --dport 67:68 -m state --state NEW -m comment --comment "New DHCPD in"
+ fi
 
 #### PuppetMaster
 #$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -s "${LAN}" -d "${IPLAN}" --dport 8140 -m state --state NEW -m comment --comment "New Puppet in"